OSDev.org

Hy!
What is your opinion about an Online OS?
I want to say that you don't need to install any system to your station, only the files and folders you keep to it, and the interface run from WEB.

Hi,

mihksoft wrote:What is your opinion about an Online OS?
I want to say that you don't need to install any system to your station, only the files and folders you keep to it, and the interface run from WEB.

Where would software run?

If applications, etc run on the server then where does the cash come for large servers (e.g. for each 100 additional users you'd probably need to spend $5000 on more "many-CPU" servers)? Do I need to pay a fee to cover the hardware costs, and why should I pay a fee when my own hardware has enough CPU power for my uses?

If applications, etc run on my computer, then my internet connection is too slow and performance (file I/O throughput and latency) would suck badly because of that.

In both cases, where does the cash for internet bandwidth and server maintenance come from? Would I have to pay monthly fees to cover these costs?

What about fault tolerance? If your server dies (hardware or software problem) then will the OS be unusable until the server comes back online, or will I need to reconnect to a different server? Will I lose unsaved data when your server dies?

How about security? Can you gurantee that my data (on the server) can't be accessed by anyone else, including people maintaining the server?

Lastly, is there any advantage compared to the OSs I'm currently using? Are these advantages worth the fees I'd need to pay to cover the costs of your servers, your maintenance, your internet bandwidth and my additional internet bandwidth?


Cheers,

Brendan

Actually what i would like to create, though it seems im not talentet enough, has to do with exactly this. (and some more)

I think it is a good idea because it, if done the right way, could be very convinient, but i dont actually think that there will be a need for something like it in any near future.

I shudder at the thought what the combined "Security Ministers" of our so-civilized world would make of this. As long as apps and data are on my local machine, I can take measures against people - government, corporate, crime, terrorists, whatever - sniffing around in my stuff.

But I doubt you'll get far with an online OS before the NSA, BND, MI6, Mossad and whoever appear at your doorstep and demand you implement some backdoor for them to have a look at user's data, or consequences. What do you do then? And will you tell your users?

I would never allow any invasion of the users privacy, even if it ment taking measures that might not be completely legal.

Means you go to jail... not a nice prospect.

here are other ways than going to jail

The data on my computer can be locked down with either my own software or free encryption schemes or any number of measures to protect my computer from comprimisation.

with an online OS, the data is out of my hands and I would just hope that they other side is locked down.
scary thought.

Also here, I can physically destroy data by gauss coil or pick-axe. =)

on an OOS the data is still there just probably 'flagged' deleted and hasnt even been overwritten yet and if it has, it takes 8 times to be officially erased.

who is to say that your desktop cant handle any encryption needed? I should think that it could still be stored online.

Zacariaz wrote:who is to say that your desktop cant handle any encryption needed? I should think that it could still be stored online.

If the data is encrypted / decrypted on my local machine, and stored on your servers only encrypted, you have an encrypted online storage, not an online OS - because the apps on your server cannot work on the (encrypted) data...

i se ways of getting around the problem, but im probably not able to explain and if i were i would only result in a huge discussion going nowhere.
Anyway, i do believe it is possible.

Solar wrote:

Zacariaz wrote:who is to say that your desktop cant handle any encryption needed? I should think that it could still be stored online.

If the data is encrypted / decrypted on my local machine, and stored on your servers only encrypted, you have an encrypted online storage, not an online OS - because the apps on your server cannot work on the (encrypted) data...

A remote data store with a linked remote application store is still a local OS remoted properly. If you do your setupping properly, nothing the server can do will affect the integrity of your data without your password - which they may not ever receive in verbatim form.

I for one also intend to make my OS remoted as Zacariaz proposes. You will have to use something you know (well - two factor authentication but as you need to physically interface with the system from the servers perspective it's still one-factor authentication - so the point's moot) with sufficient complexity and unpredictability that the server can authenticate you without using your "password". I've worked out the basic idea but I still need to get the OS in a basic state to work on these frivolities.

I have a hard time picturing that. The app runs on the server. If that app is able to handle my data, that data is in the server's memory, unencrypted. At that point, my data is no longer secure from malware, be that the server itself or some exploited weakness of the server by third parties.

Where is the error in my thinking? (If you claim you have the basics worked out, I trust it can be done somehow, but I fail to see how.)

Solar wrote:I have a hard time picturing that. The app runs on the server.

Your assumption is wrong. I don't run anything on the server except the file serving and authentication. The server only knows "this binary blob is personal file for this user with this password", "this binary blob is a program called "XYZ Suite", "this user can (and wants to) access this program". In effect though, it doesn't even know the blobs, they're also just URLs for the programs themselves, allowing remote hosting. The servers need to be able to do byteserving (or actually, 4K block serving) with block-based writing.

The user connects to the AOS server which authenticates the user and for the rest only does storage. For all practical purposes, the environment of the user is fully stored online (optionally - you can of course set the location to localhost://...) including all programs, so you can just use any computer after login as your own.

Where is the error in my thinking? (If you claim you have the basics worked out, I trust it can be done somehow, but I fail to see how.)

You don't have an error in your thinking (or we would've clashed a long time ago). You have an error in your assumptions.

So the binary blob which is the application is executed on the client, not the server.

Which requires my client to run the OS the application was compiled for, correct?

While being a nice idea in itself, it's not what I would call an "online OS", which would probably have to do with something browser- or X-Window-based (yuck).